Candlekeep Forum
Candlekeep Forum
Home | Profile | Register | Active Topics | Active Polls | Members | Private Messages | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 The Candlekeep Web Site
 Site Content
 Certificate error

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert Email Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]
Rolling Eyes [8|] Confused [?!:] Help [?:] King [3|:]
Laughing [:OD] What [W] Oooohh [:H] Down [:E]

  Check here to include your profile signature.
Check here to subscribe to this topic.
    

T O P I C    R E V I E W
TheIriaeban Posted - 13 Jan 2023 : 01:01:50
I keep getting an invalid certificate error in my browser when accessing the forums. Anyone else seeing that?
29   L A T E S T    R E P L I E S    (Newest First)
Big Mac Posted - 20 Aug 2024 : 15:34:22
quote:
Originally posted by Alaundo

Well met

Indeed, whilst Candlekeep did have a few years being self-hosted, it is no longer. The host charge for certificates and do not permit alterative means of provisioning.
The forum and site have moved several times of the years, not without incident and pain, but there is no current plan to move hosts, although a long overdue plan to migrate the underlying forum software.



Thanks for the confirmation!

(Our hosting company also wanted to charge us, if they provided certificates, but didn't block us from going around their support team to do it ourselves.) Sorry to hear that you do not have that option. I'll consider this topic closed.

Good luck migrating the forum software. I know that will be a very big task.
Alaundo Posted - 18 Aug 2024 : 22:26:43
Well met

Indeed, whilst Candlekeep did have a few years being self-hosted, it is no longer. The host charge for certificates and do not permit alterative means of provisioning.
The forum and site have moved several times of the years, not without incident and pain, but there is no current plan to move hosts, although a long overdue plan to migrate the underlying forum software.
Italian Archmage Karsus Posted - 17 Aug 2024 : 01:19:24
Alaundo, from what I understand, doesn't do his own webhosting: it is done as a service. That service charges for HTTPS; it doesn't matter whether they renew with certbot, by snail mail, or artisanally. The forum software is also thoroughly obsolete and it would almost certainly break if they tried to move hosts. So, either Alaundo pays for HTTPS, or we don't get HTTPS, because LetsEncrypt would require Alaundo had access to the server personally, and he is locked in with the host.

This is not a technical issue, TBeholder. Just make sure you don't reuse passwords.
TBeholder Posted - 11 Aug 2024 : 17:13:18
The problem persists.
quote:
Originally posted by Big Mac

That is the exact same attitude I used to have for the website I run. We do not sell anything or exchange credit cards details with people. There is literally nothing to secure.

As long as you don't insist that the users should take risk by enabling JavaScript on what appears to be your site.
Man-in-the-middle attack is a thing.

quote:
Facebook seems to also be blacklisting http only websites. It is impossible to link to the Spelljammer: Beyond the Moons website there, which kind of sucks, when you are trying to help keep Spelljammer fandom alive.

There's also that. Of course, if you want to integrate it with Facebook, why not just do it on Facebook?
I mean, seeing how they speed-banned even mentions of a certain math law among the other things, it may be a step beyond even the current state of Piazza, but if you really want Facehug...

quote:
You might want to check out Cloudflare. Candlekeep probably qualifies for their free account. That comes with a free security certificate that gets updated at their end. And you also get DDoS protection.

Do so if you want your site to be inaccessible for anyone except users in Seattle and using browsers that support the latest Google(TM) spyware.
I fed their "hurr, checking if you are human" script crafted UserAgent value of a Google bot once... the script suggested to upgrade it.

quote:
But the problem with https, is that it is tied into certificates that you constantly have to renew. If you are late (or ill or busy with important stuff) everyone's browser throws up websites suggesting that your website is dangerous. That aspect is a pain in the neck.
Automation is a thing. That is done with them computers. Let's Encrypt plainly states in FAQ:
quote:
We recommend automatically renewing your certificates every 60 days.
And if you follow link in the previous line:
quote:
If we’re going to move the entire Web to HTTPS, we can’t continue to expect system administrators to manually handle renewals.
Big Mac Posted - 11 Aug 2024 : 00:11:26
quote:
Originally posted by Alaundo

<snip>

Due to the nature of this site, it's not really necessary to have a certificate. I'll get this addressed shortly.



That is the exact same attitude I used to have for the website I run. We do not sell anything or exchange credit cards details with people. There is literally nothing to secure.

Then we started to get second-hand reports from existing forum members, stating that people they had invited to join us had refused to sign up, stating that their browser or a search engine had listed the website as "not secure".

Facebook seems to also be blacklisting http only websites. It is impossible to link to the Spelljammer: Beyond the Moons website there, which kind of sucks, when you are trying to help keep Spelljammer fandom alive.

So we decided to move our website to https pretty much at the point of a gun.

But the problem with https, is that it is tied into certificates that you constantly have to renew. If you are late (or ill or busy with important stuff) everyone's browser throws up websites suggesting that your website is dangerous. That aspect is a pain in the neck.

You might want to check out Cloudflare. Candlekeep probably qualifies for their free account. That comes with a free security certificate that gets updated at their end. And you also get DDoS protection.

If it is not going to conflict with your forum software or the software you use for the main website, it might be a one-and-done solution.
TBeholder Posted - 27 Jan 2023 : 23:42:49
Why not use Let's Encrypt? They give out free Domain Validation certificates, which are recognizable by browsers because they are on that certificate tree. That's all you need, right?
Azar Posted - 20 Jan 2023 : 12:48:40
quote:
Originally posted by Alaundo

quote:
Originally posted by Azar

Another user on the site said that he is getting bounced out.



Well met

What does he mean exactly? Can you get him to email me at alaundo @ candlekeep.com please.

The cert issue is annoying, but this is down to local browser caching etc. now.



Specifically clearing the Cache (instead of the Cookies alone) did the trick for both of us, in the end. Thank you for the tip!
Alaundo Posted - 20 Jan 2023 : 09:24:22
quote:
Originally posted by Azar

Another user on the site said that he is getting bounced out.



Well met

What does he mean exactly? Can you get him to email me at alaundo @ candlekeep.com please.

The cert issue is annoying, but this is down to local browser caching etc. now.
Azar Posted - 20 Jan 2023 : 01:15:39
Another user on the site said that he is getting bounced out.
sleyvas Posted - 19 Jan 2023 : 18:45:04
quote:
Originally posted by TBeholder

Still shows an error (self-signed certificate)... and if that's manually accepted, drops out to unsecure http.
quote:
Originally posted by sleyvas


{CrankyMode On}
I hate certs.... having to deal with this stuff in an internal corporate environment where noone pays attention to it and just clicks past it

Sounds no different from the way anything else is done in Dilbert's company.
quote:
Don't get me wrong, I can see why they might be needed in some instances (I don't want someone somehow getting my bank's DNS entries for themselves and setting up a fake site).... but ~90% of things don't need it.

So for 90% of sites you are fine with... executing scripts from unknown sources?



The majority of things with certs like I'm talking about aren't even internet facing. Its internal management for devices running their own specialized O/S, etc... You could setup a self signed cert and set it to expire in 50 years, but then someone says "that's not good enough, you need one from a cert authority, and it has to expire every 3 years". Half the stuff you'd have to hack into the network, then get into a jumpbox in a special VRF that's absolutely cut off from the internet, then web browse to the management of your device.... hoop after hoop after hoop.
TBeholder Posted - 19 Jan 2023 : 16:33:07
Still shows an error (self-signed certificate)... and if that's manually accepted, drops out to unsecure http.
quote:
Originally posted by sleyvas


{CrankyMode On}
I hate certs.... having to deal with this stuff in an internal corporate environment where noone pays attention to it and just clicks past it

Sounds no different from the way anything else is done in Dilbert's company.
quote:
Don't get me wrong, I can see why they might be needed in some instances (I don't want someone somehow getting my bank's DNS entries for themselves and setting up a fake site).... but ~90% of things don't need it.

So for 90% of sites you are fine with... executing scripts from unknown sources?
Azar Posted - 19 Jan 2023 : 09:37:01
quote:
Originally posted by Storyteller Hero

The site is working on my Safari browser, but Chrome seems to keep blocking it due to "invalid certificate".





I wonder if this is a Chrome issue with certificates in general or if this specific certificate itself just doesn't jive with Chrome for whatever reason.
Storyteller Hero Posted - 19 Jan 2023 : 07:27:54
The site is working on my Safari browser, but Chrome seems to keep blocking it due to "invalid certificate".

Azar Posted - 17 Jan 2023 : 13:03:39
quote:
Originally posted by Wooly Rupert

quote:
Originally posted by Azar

My rub with Edge - other than it being a descendant of Internet Explorer - is its comparative lack of customization.



So you can't try it for a particular website because you can't customize it?



I can try using that browser; I just don't want to be dependent on an entirely different browser for one subsection of a forum .
Wooly Rupert Posted - 17 Jan 2023 : 11:00:52
quote:
Originally posted by Azar

My rub with Edge - other than it being a descendant of Internet Explorer - is its comparative lack of customization.



So you can't try it for a particular website because you can't customize it?
Azar Posted - 17 Jan 2023 : 10:25:03
My rub with Edge - other than it being a descendant of Internet Explorer - is its comparative lack of customization.
Wooly Rupert Posted - 17 Jan 2023 : 03:46:43
Perhaps a different browser? I don't otherwise advocate for Edge, but I've not had any issues using it with this site.
Azar Posted - 17 Jan 2023 : 03:08:56
An "Incognito" window does the trick, but...I'd hate for this to be the only solution.
Ashe Ravenheart Posted - 17 Jan 2023 : 02:28:09
Might just be you. I'm not having any problems.
Azar Posted - 17 Jan 2023 : 02:23:40
Clearing all cookies also did not help.
Azar Posted - 16 Jan 2023 : 16:36:23
I cannot enter "General Forgotten Realms Chat"; clicking on the hyperlink causes my browser's window to flash and...nothing else. Clearing Candlekeep cookies and signing back in did not do the trick.
Alaundo Posted - 16 Jan 2023 : 11:04:39
Well met

This should now be resolved. Any remaining issues, try clearing cookies or using an incognito session.
sleyvas Posted - 13 Jan 2023 : 16:30:42
quote:
Originally posted by Alaundo

Well met

Don't panic. This is due to Candlekeep being granted a free SSL certificate last year, which has now expired. Due to the nature of this site, it's not really necessary to have a certificate. I'll get this addressed shortly.



Please forgive me my rant for a moment... it is not aimed at you Alaundo or this site.

{CrankyMode On}

I hate certs.... having to deal with this stuff in an internal corporate environment where noone pays attention to it and just clicks past it ... or worse someone puts some policy on all the systems so that they are no longer allowed to click past cert issues and then people forget that X application was added 5 years earlier and the cert needs to be updated before it expires. So, the cert expires, a major incident is stood up and 50 people get dragged on a call to whine about the application being broken. Then half of those whiners have no clue and try to armchair troubleshoot the issue, while the other half are all asking "who manages this app and why aren't THEY on this call?". Meanwhile, all it does is create some stupid job for usually the same guy that's pushing the requirement to get certs updated for the people that have no idea how to do it. Don't get me wrong, I can see why they might be needed in some instances (I don't want someone somehow getting my bank's DNS entries for themselves and setting up a fake site).... but ~90% of things don't need it.

{CrankyMode Off}
Alaundo Posted - 13 Jan 2023 : 07:08:38
Well met

Don't panic. This is due to Candlekeep being granted a free SSL certificate last year, which has now expired. Due to the nature of this site, it's not really necessary to have a certificate. I'll get this addressed shortly.
Ayrik Posted - 13 Jan 2023 : 06:59:11
I'm guessing that Candlekeep's host failed to renew some license or update or whatever. A fixable problem which will quickly be corrected.
Wooly Rupert Posted - 13 Jan 2023 : 04:07:12
quote:
Originally posted by Ashe Ravenheart

quote:
Originally posted by Wooly Rupert

Got the message, myself. I'm about to ping Big Al.

I wonder if it has to do with the link to Paizo's announcement. I'm noticing it comes up especially if going to that scroll. Since Paizo's site is down, the link doesn't respond, and maybe site security can't verify everything's good.



I don't see how it could possibly be related to that. The timing is mere coincidence.

I'm getting the same message when I hit the "Active Topics" link to see new posts.

Expanding on the error, it says the security certificate expired in the last day. I should expect that Big Al (or the host, depending on who owns the cert) just needs to renew it.
Ashe Ravenheart Posted - 13 Jan 2023 : 02:20:49
quote:
Originally posted by Wooly Rupert

Got the message, myself. I'm about to ping Big Al.

I wonder if it has to do with the link to Paizo's announcement. I'm noticing it comes up especially if going to that scroll. Since Paizo's site is down, the link doesn't respond, and maybe site security can't verify everything's good.
Wooly Rupert Posted - 13 Jan 2023 : 01:55:36
Got the message, myself. I'm about to ping Big Al.
Blademaster Posted - 13 Jan 2023 : 01:37:07
Yes, I just go the same message when I logged in this evening.

Candlekeep Forum © 1999-2024 Candlekeep.com Go To Top Of Page
Snitz Forums 2000